HDD continually being accessed - infected?


  • This topic is locked
8 replies to this topic

#1 Dogspods

Posted 24 June 2012 - 04:18 AM

Hard drive is continually being accessed while PC is on (HDD light is almost lit constantly), plus PC seems a little slow.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by steve.bird at 9:27:58 on 2012-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6126.3578 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Windows\system32\nlsInterface.exe
C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Extensis\Extensis Suitcase 11\Suitcase.exe
C:\Users\steve.bird\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\steve.bird\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\DllHost.exe

++++
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [Web Studio 5.0 Update Setup] C:\Users\steve.bird\AppData\Local\{22A05767-4EAB-4AF6-A400-7E5B87BE48E3}\WebStudio5Install.exe /updatesetup
uRun: [Web Studio 5.0 Update Setup for All Users] C:\ProgramData\{22A05767-4EAB-4AF6-A400-7E5B87BE48E3}\WebStudio5Install.exe /updatesetup
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Facebook Update] "C:\Users\steve.bird\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [WD Spindown Utility] "C:\Program Files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\STEVE~1.BIR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\steve.bird\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\STEVE~1.BIR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\steve.bird\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Skype.lnk - C:\Windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SUITCA~1.LNK - C:\Windows\Installer\{7451C9B5-3E10-4E59-AD37-AB7438D84288}\_01D57C9244869186542E24.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Search Image on TinEye - file://C:\Users\steve.bird\Documents\TinEye IE Plugin\TinEye.js
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.142.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{59C37C70-9CF8-4A5A-BFFD-587D308E7FB1} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [WD Spindown Utility] "C:\Program Files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ASTSRV;Nalpeiron Licensing Service;C:\Windows\System32\ASTSRV.EXE [2011-11-1 57344]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2012-2-21 22528]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-1 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-23 255376]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-9 654408]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 nlsInterface;Nalpeiron Licensing Service 64-bit;C:\Windows\system32\nlsInterface.exe --> C:\Windows\system32\nlsInterface.exe [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-1 2656280]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-23 2348352]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-27 1431888]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 radpms;Driver for RADPMS Device;C:\Windows\system32\DRIVERS\radpms.sys --> C:\Windows\system32\DRIVERS\radpms.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-06-24 08:21:01 -------- d-----w- C:\Users\steve.bird\AppData\Local\{E6F010B9-BC47-4400-9DD9-27DFC654A553}
2012-06-24 08:20:48 -------- d-----w- C:\Users\steve.bird\AppData\Local\{5FD7D003-A594-427E-8D22-5E1E0D302F88}
2012-06-24 02:25:41 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42095BCF-A173-493E-A6CB-D577A2146EF1}\mpengine.dll
2012-06-23 21:35:55 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 21:24:41 -------- d-----w- C:\Users\steve.bird\AppData\Local\{EC2D4645-B0F0-406A-9244-B8D6E220E00E}
2012-06-23 07:37:27 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-06-23 07:18:00 -------- d-----w- C:\Users\steve.bird\AppData\Local\{22C5B906-9484-49D7-9720-2B480F114498}
2012-06-22 17:10:22 -------- d-----w- C:\Users\steve.bird\AppData\Local\Acer
2012-06-22 17:09:58 -------- d-----w- C:\Users\steve.bird\AppData\Local\{03AC185D-F667-4CB6-AFD8-BF399D8A2DC8}
2012-06-22 16:31:18 -------- d-----w- C:\Users\steve.bird\AppData\Local\Adobe
2012-06-22 08:19:57 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-22 08:06:23 -------- d-----w- C:\Users\steve.bird\AppData\Local\{7FF3D971-75E3-4D02-9348-91D88C82B7E8}
2012-06-21 07:48:44 -------- d-----w- C:\Users\steve.bird\AppData\Local\{5B751BE3-3DF6-45AD-9CB9-469569A6A020}
2012-06-21 07:48:34 -------- d-----w- C:\Users\steve.bird\AppData\Local\{B968FAE7-6B41-43F7-9F26-3244B19D0EEF}
2012-06-21 01:11:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 01:11:15 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 01:11:04 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 01:11:04 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 07:16:45 -------- d-----w- C:\Users\steve.bird\AppData\Local\{A02DB081-3110-48AD-B292-EC0518516B6E}
2012-06-20 07:16:34 -------- d-----w- C:\Users\steve.bird\AppData\Local\{4A1901E8-4655-4C95-94EB-886BBA847C28}
2012-06-19 08:26:06 -------- d-----w- C:\Users\steve.bird\AppData\Local\{12005768-939A-4F44-A24C-FECDB7543AE6}
2012-06-19 08:25:54 -------- d-----w- C:\Users\steve.bird\AppData\Local\{4927BAE4-2EB9-4019-8471-BD1D52895CE4}
2012-06-18 07:36:13 -------- d-----w- C:\Users\steve.bird\AppData\Local\{C5C17600-C7B0-45F7-AD6C-C7E2866D463D}
2012-06-17 10:36:08 -------- d-----w- C:\Users\steve.bird\AppData\Local\{7DEDBF93-8ED7-44EB-9CF5-E0DE2CAD94CA}
2012-06-17 10:27:06 -------- d-----w- C:\Users\steve.bird\AppData\Local\{BD94CCBA-FB8B-4059-ADC7-F054B4157D64}
2012-06-16 07:30:07 -------- d-----w- C:\Users\steve.bird\AppData\Local\{AC85FCBB-E4B0-4809-AC50-63F10909B3A0}
2012-06-15 06:16:00 -------- d-----w- C:\Program Files (x86)\Autodesk
2012-06-15 06:12:55 -------- d-----w- C:\Users\steve.bird\AppData\Local\backburner
2012-06-15 04:41:55 -------- d-----w- C:\Users\steve.bird\AppData\Local\{79D4DB1E-C969-495B-B2BD-89E3BDF12944}
2012-06-14 08:16:59 -------- d-----w- C:\Program Files\iTunes
2012-06-14 08:16:59 -------- d-----w- C:\Program Files\iPod
2012-06-14 08:16:59 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-14 08:02:16 -------- d-----w- C:\Users\steve.bird\AppData\Local\{F8A0AC41-D172-4652-9184-6C57281FB8B0}
2012-06-14 08:02:02 -------- d-----w- C:\Users\steve.bird\AppData\Local\{1253D5F6-018B-4089-B8E7-7E7081C84AA4}
2012-06-13 07:52:16 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60B7D01E-9B7D-4BF4-8587-1B81D087856B}\gapaengine.dll
2012-06-13 07:43:55 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 07:40:21 -------- d-----w- C:\Users\steve.bird\AppData\Local\{4184FBFA-7AE4-4FE7-9D45-1F6DB221A8F6}
2012-06-13 07:40:09 -------- d-----w- C:\Users\steve.bird\AppData\Local\{FB62A0D9-2EB6-41DC-A66B-D4FD4892B84A}
2012-06-12 10:23:21 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-06-12 07:34:40 -------- d-----w- C:\Users\steve.bird\AppData\Local\{3433FF86-3577-4650-82BD-D0C70030DC2C}
2012-06-12 07:34:28 -------- d-----w- C:\Users\steve.bird\AppData\Local\{AED4AA1A-BB0D-48ED-B9D1-0EB8DB956ED0}
2012-06-11 07:30:55 -------- d-----w- C:\Users\steve.bird\AppData\Local\{2CBE71B7-99BE-4111-9630-1CC89F0D3F36}
2012-06-11 07:30:39 -------- d-----w- C:\Users\steve.bird\AppData\Local\{E5F4D2E8-EE9C-49F0-9D94-C441608357E1}
2012-06-10 15:59:06 -------- d-----w- C:\Users\steve.bird\AppData\Local\{BD866280-C480-4470-8695-73469201F220}
2012-06-10 15:58:54 -------- d-----w- C:\Users\steve.bird\AppData\Local\{C9E6C9C3-1281-494F-9AD8-5BCB267E29F6}
2012-06-09 11:12:59 -------- d-----w- C:\Users\steve.bird\AppData\Roaming\Astute Graphics
2012-06-09 11:11:36 -------- d-----w- C:\ProgramData\Astute Graphics
2012-06-09 11:11:36 -------- d-----w- C:\Program Files (x86)\com.astg.dw1
2012-06-09 09:59:39 -------- d-----w- C:\Users\steve.bird\AppData\Local\{AAE96C73-9FF0-498D-8F88-D50DE8047C0B}
2012-06-09 09:59:27 -------- d-----w- C:\Users\steve.bird\AppData\Local\{3317959F-92FF-4C2B-9A0C-07AF0035D59D}
2012-06-08 06:44:56 -------- d-----w- C:\Users\steve.bird\AppData\Local\{9BBCB1FA-CD0E-443F-88DF-1E01816C2148}
2012-06-08 06:44:45 -------- d-----w- C:\Users\steve.bird\AppData\Local\{CB009B22-DE48-4371-BDB5-6E4297D316AF}
2012-06-07 07:06:41 -------- d-----w- C:\Users\steve.bird\AppData\Local\{CA549CD8-6CDF-47F5-A4A2-578B24652BFF}
2012-06-07 07:06:28 -------- d-----w- C:\Users\steve.bird\AppData\Local\{19E6BD43-0293-46F0-B911-C644581982B7}
2012-06-06 08:17:10 -------- d-----w- C:\Users\steve.bird\AppData\Local\{077CA622-EAA0-4CB8-A559-289513AAE1EC}
2012-06-06 08:17:00 -------- d-----w- C:\Users\steve.bird\AppData\Local\{B73BECD0-EBC0-4966-B7EB-1A84DDC75DCB}
2012-06-05 08:49:43 -------- d-----w- C:\Users\steve.bird\AppData\Local\{8E37E28B-DCF7-4E8D-B226-1193BBE9AD49}
2012-06-05 08:49:28 -------- d-----w- C:\Users\steve.bird\AppData\Local\{99E53709-70E8-4171-BCFB-D116024A544C}
2012-06-03 09:10:38 -------- d-----w- C:\Users\steve.bird\AppData\Local\{1134C2AA-BCBA-4D63-ADE8-4574E9CD487A}
2012-06-02 18:14:02 -------- d-----w- C:\Users\steve.bird\AppData\Local\{66733F59-12AB-4314-B22E-3E38AF68F894}
2012-06-02 18:13:51 -------- d-----w- C:\Users\steve.bird\AppData\Local\{B77176F9-C35B-45AD-B29D-B0E260DE18E8}
2012-06-02 06:12:31 -------- d-----w- C:\Users\steve.bird\AppData\Local\{535FC8EE-39BD-4267-97A3-EA1720A0295F}
2012-06-02 06:12:18 -------- d-----w- C:\Users\steve.bird\AppData\Local\{F83FA79C-D8EB-4272-AA72-95B5B176D7F4}
2012-06-01 15:12:05 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-01 15:11:43 -------- d-----w- C:\Users\steve.bird\AppData\Local\PunkBuster
2012-06-01 09:58:30 -------- d-----w- C:\Users\steve.bird\AppData\Local\{5783D6D3-177F-45C7-9BEC-83BB004F4DEE}
2012-06-01 09:58:19 -------- d-----w- C:\Users\steve.bird\AppData\Local\{ECB1DF6B-2D0B-49CF-A14D-37ADF8554C0A}
2012-06-01 07:11:11 -------- d-----w- C:\Users\steve.bird\AppData\Local\{96F868C2-CBF1-4B94-A6A4-8181688DCDFE}
2012-05-31 08:26:45 -------- d-----w- C:\Users\steve.bird\AppData\Local\{944EEF2E-0603-43F5-99BB-ACBDD8FB495E}
2012-05-31 08:26:34 -------- d-----w- C:\Users\steve.bird\AppData\Local\{6CC12223-642C-42B7-8F70-AA95887E7631}
2012-05-30 09:10:45 -------- d-----w- C:\sh4ldr
2012-05-30 09:08:28 -------- d-----w- C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP
2012-05-30 09:08:27 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-05-30 08:07:54 -------- d-----w- C:\Users\steve.bird\AppData\Local\{8D485B6A-B731-49E4-866F-8D70C95ACA3A}
2012-05-30 08:07:40 -------- d-----w- C:\Users\steve.bird\AppData\Local\{7824827B-1C2D-4719-89B3-15D287AD7819}
2012-05-29 07:29:55 -------- d-----w- C:\Users\steve.bird\AppData\Local\{3518CF07-B0C0-4648-881F-CA2739083FC4}
2012-05-29 07:29:44 -------- d-----w- C:\Users\steve.bird\AppData\Local\{788E1459-4950-4FD8-A27B-7233436AB091}
2012-05-28 07:35:48 -------- d-----w- C:\Users\steve.bird\AppData\Local\{AAEF56CB-52C2-4657-A85C-8575A85F3C85}
2012-05-28 07:34:12 -------- d-----w- C:\Users\steve.bird\AppData\Local\{7D5293D6-4857-456D-8DEA-1876E9AA8E27}
2012-05-27 10:06:49 -------- d-----w- C:\Users\steve.bird\AppData\Local\{F8F53304-ED69-45D8-98FB-4A77AC788FE6}
2012-05-27 10:06:12 -------- d-----w- C:\Users\steve.bird\AppData\Local\{B62707DD-0B7C-41C9-A257-7DD29F5E7DA2}
2012-05-27 09:52:25 -------- d-----w- C:\Users\steve.bird\AppData\Local\{C15E7CAB-547E-427E-9628-6370CA7AE714}
2012-05-26 07:33:25 -------- d-----w- C:\Users\steve.bird\AppData\Local\{E108DC84-5C65-4EB2-9D9F-B52441D92D13}
2012-05-25 11:44:10 -------- d-----w- C:\Users\steve.bird\AppData\Local\{1B1AEEAF-BF62-4C45-AD68-0E41C02CBE7A}
2012-05-25 11:43:58 -------- d-----w- C:\Users\steve.bird\AppData\Local\{0F06CF4A-3EC8-4663-937E-E5097E366AEA}
.
==================== Find3M ====================
.
2012-06-22 15:59:30 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-22 08:19:49 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-15 13:05:23 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-13 07:40:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 07:40:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-22 08:27:44 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-22 08:27:43 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-22 08:27:43 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-27 16:18:45 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 19:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 9:28:09.24 ===============

Edited by nasdaq, 28 June 2012 - 09:08 AM.
DDS log posted.




#2 nasdaq

  • Malware Response Team

Posted 28 June 2012 - 09:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 Dogspods


Posted 29 June 2012 - 03:20 AM

08:36:46.0683 4908 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
08:36:46.0964 4908 ============================================================
08:36:46.0964 4908 Current date / time: 2012/06/29 08:36:46.0964
08:36:46.0964 4908 SystemInfo:
08:36:46.0964 4908
08:36:46.0964 4908 OS Version: 6.1.7601 ServicePack: 1.0
08:36:46.0964 4908 Product type: Workstation
08:36:46.0964 4908 ComputerName: STEVEBIRD-PC
08:36:46.0964 4908 UserName: steve.bird
08:36:46.0964 4908 Windows directory: C:\Windows
08:36:46.0964 4908 System windows directory: C:\Windows
08:36:46.0964 4908 Running under WOW64
08:36:46.0964 4908 Processor architecture: Intel x64
08:36:46.0964 4908 Number of processors: 4
08:36:46.0964 4908 Page size: 0x1000
08:36:46.0964 4908 Boot type: Normal boot
08:36:46.0964 4908 ============================================================
08:36:47.0385 4908 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:36:47.0385 4908 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:36:47.0447 4908 ============================================================
08:36:47.0447 4908 \Device\Harddisk0\DR0:
08:36:47.0447 4908 MBR partitions:
08:36:47.0447 4908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000
08:36:47.0447 4908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x38FE7000
08:36:47.0447 4908 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B619800, BlocksNum 0x390EC800
08:36:47.0447 4908 \Device\Harddisk1\DR1:
08:36:47.0447 4908 MBR partitions:
08:36:47.0447 4908 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
08:36:47.0447 4908 ============================================================
08:36:47.0463 4908 C: <-> \Device\Harddisk0\DR0\Partition1
08:36:47.0634 4908 D: <-> \Device\Harddisk0\DR0\Partition2
08:36:47.0634 4908 X: <-> \Device\Harddisk1\DR1\Partition0
08:36:47.0634 4908 ============================================================
08:36:47.0634 4908 Initialize success
08:36:47.0634 4908 ============================================================
08:36:53.0562 4052 ============================================================
08:36:53.0562 4052 Scan started
08:36:53.0562 4052 Mode: Manual;
08:36:53.0562 4052 ============================================================
08:36:56.0698 4052 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:36:56.0698 4052 1394ohci - ok
08:36:56.0729 4052 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:36:56.0729 4052 ACPI - ok
08:36:56.0745 4052 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:36:56.0745 4052 AcpiPmi - ok
08:36:56.0823 4052 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
08:36:56.0823 4052 Adobe LM Service - ok
08:36:57.0462 4052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:36:57.0462 4052 adp94xx - ok
08:36:57.0899 4052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:36:57.0899 4052 adpahci - ok
08:36:58.0071 4052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:36:58.0086 4052 adpu320 - ok
08:36:58.0180 4052 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:36:58.0196 4052 AeLookupSvc - ok
08:36:58.0913 4052 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:36:58.0944 4052 AFD - ok
08:37:00.0645 4052 AGERESoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
08:37:00.0660 4052 AGERESoftModem - ok
08:37:00.0692 4052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:37:00.0692 4052 agp440 - ok
08:37:00.0723 4052 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:37:00.0723 4052 ALG - ok
08:37:00.0738 4052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:37:00.0738 4052 aliide - ok
08:37:00.0738 4052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:37:00.0754 4052 amdide - ok
08:37:00.0754 4052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:37:00.0754 4052 AmdK8 - ok
08:37:00.0770 4052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:37:00.0770 4052 AmdPPM - ok
08:37:00.0785 4052 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:37:00.0785 4052 amdsata - ok
08:37:00.0816 4052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:37:00.0816 4052 amdsbs - ok
08:37:00.0832 4052 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:37:00.0832 4052 amdxata - ok
08:37:00.0863 4052 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:37:00.0863 4052 AppID - ok
08:37:00.0863 4052 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:37:00.0863 4052 AppIDSvc - ok
08:37:00.0879 4052 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:37:00.0879 4052 Appinfo - ok
08:37:01.0628 4052 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:37:01.0628 4052 Apple Mobile Device - ok
08:37:02.0049 4052 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:37:02.0049 4052 arc - ok
08:37:02.0096 4052 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:37:02.0096 4052 arcsas - ok
08:37:03.0141 4052 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:37:03.0141 4052 aspnet_state - ok
08:37:03.0172 4052 ASTSRV - ok
08:37:03.0188 4052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:37:03.0188 4052 AsyncMac - ok
08:37:03.0203 4052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:37:03.0203 4052 atapi - ok
08:37:03.0624 4052 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:37:03.0640 4052 AudioEndpointBuilder - ok
08:37:03.0640 4052 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:37:03.0640 4052 AudioSrv - ok
08:37:04.0030 4052 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:37:04.0046 4052 AxInstSV - ok
08:37:04.0514 4052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:37:04.0529 4052 b06bdrv - ok
08:37:04.0545 4052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:37:04.0545 4052 b57nd60a - ok
08:37:04.0576 4052 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:37:04.0576 4052 BDESVC - ok
08:37:04.0592 4052 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:37:04.0592 4052 Beep - ok
08:37:04.0638 4052 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:37:04.0638 4052 BFE - ok
08:37:04.0685 4052 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:37:04.0685 4052 BITS - ok
08:37:04.0748 4052 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
08:37:04.0748 4052 blbdrive - ok
08:37:05.0013 4052 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
08:37:05.0028 4052 Bonjour Service - ok
08:37:05.0106 4052 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:37:05.0106 4052 bowser - ok
08:37:05.0122 4052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:37:05.0122 4052 BrFiltLo - ok
08:37:05.0122 4052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:37:05.0122 4052 BrFiltUp - ok
08:37:05.0294 4052 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:37:05.0325 4052 Browser - ok
08:37:05.0450 4052 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:37:05.0465 4052 Brserid - ok
08:37:05.0481 4052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:37:05.0481 4052 BrSerWdm - ok
08:37:05.0496 4052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:37:05.0496 4052 BrUsbMdm - ok
08:37:05.0496 4052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:37:05.0496 4052 BrUsbSer - ok
08:37:05.0574 4052 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:37:05.0574 4052 BTHMODEM - ok
08:37:05.0746 4052 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:37:05.0746 4052 bthserv - ok
08:37:05.0777 4052 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:37:05.0777 4052 cdfs - ok
08:37:05.0808 4052 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:37:05.0808 4052 cdrom - ok
08:37:05.0824 4052 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:37:05.0824 4052 CertPropSvc - ok
08:37:05.0840 4052 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:37:05.0840 4052 circlass - ok
08:37:05.0902 4052 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:37:05.0902 4052 CLFS - ok
08:37:05.0980 4052 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:37:05.0980 4052 clr_optimization_v2.0.50727_32 - ok
08:37:06.0011 4052 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:37:06.0011 4052 clr_optimization_v2.0.50727_64 - ok
08:37:06.0058 4052 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:37:06.0074 4052 clr_optimization_v4.0.30319_32 - ok
08:37:06.0089 4052 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:37:06.0089 4052 clr_optimization_v4.0.30319_64 - ok
08:37:06.0105 4052 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
08:37:06.0105 4052 CmBatt - ok
08:37:06.0105 4052 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:37:06.0105 4052 cmdide - ok
08:37:06.0152 4052 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:37:06.0152 4052 CNG - ok
08:37:06.0167 4052 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:37:06.0167 4052 Compbatt - ok
08:37:06.0198 4052 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:37:06.0198 4052 CompositeBus - ok
08:37:06.0198 4052 COMSysApp - ok
08:37:06.0245 4052 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys
08:37:06.0245 4052 cpuz135 - ok
08:37:06.0261 4052 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:37:06.0261 4052 crcdisk - ok
08:37:06.0292 4052 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:37:06.0292 4052 CryptSvc - ok
08:37:06.0370 4052 DAZContentManagementService (958ef96991abccfdac0953c4a24081dc) C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
08:37:06.0370 4052 DAZContentManagementService - ok
08:37:06.0401 4052 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
08:37:06.0401 4052 dc3d - ok
08:37:06.0432 4052 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:37:06.0432 4052 DcomLaunch - ok
08:37:06.0479 4052 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:37:06.0479 4052 defragsvc - ok
08:37:06.0495 4052 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:37:06.0495 4052 DfsC - ok
08:37:06.0542 4052 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:37:06.0542 4052 Dhcp - ok
08:37:06.0557 4052 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:37:06.0557 4052 discache - ok
08:37:06.0557 4052 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:37:06.0573 4052 Disk - ok
08:37:06.0604 4052 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:37:06.0604 4052 Dnscache - ok
08:37:06.0620 4052 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:37:06.0635 4052 dot3svc - ok
08:37:06.0635 4052 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:37:06.0635 4052 DPS - ok
08:37:06.0666 4052 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:37:06.0666 4052 drmkaud - ok
08:37:06.0698 4052 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:37:06.0698 4052 DXGKrnl - ok
08:37:06.0713 4052 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:37:06.0713 4052 EapHost - ok
08:37:06.0791 4052 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:37:06.0838 4052 ebdrv - ok
08:37:07.0056 4052 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:37:07.0056 4052 EFS - ok
08:37:07.0228 4052 EgisTec Ticket Service (03e6888da1a85acf14ac2a3c328a9e62) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
08:37:07.0228 4052 EgisTec Ticket Service - ok
08:37:07.0727 4052 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:37:07.0743 4052 ehRecvr - ok
08:37:07.0758 4052 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:37:07.0774 4052 ehSched - ok
08:37:07.0805 4052 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
08:37:07.0805 4052 ElbyCDIO - ok
08:37:07.0852 4052 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:37:07.0868 4052 elxstor - ok
08:37:07.0868 4052 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:37:07.0868 4052 ErrDev - ok
08:37:07.0914 4052 esgiguard - ok
08:37:08.0289 4052 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:37:08.0304 4052 EventSystem - ok
08:37:08.0351 4052 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:37:08.0351 4052 exfat - ok
08:37:08.0382 4052 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:37:08.0382 4052 fastfat - ok
08:37:08.0429 4052 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:37:08.0429 4052 Fax - ok
08:37:08.0429 4052 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:37:08.0429 4052 fdc - ok
08:37:08.0476 4052 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:37:08.0476 4052 fdPHost - ok
08:37:08.0492 4052 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:37:08.0492 4052 FDResPub - ok
08:37:08.0523 4052 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:37:08.0523 4052 FileInfo - ok
08:37:08.0523 4052 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:37:08.0523 4052 Filetrace - ok
08:37:08.0616 4052 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
08:37:08.0772 4052 FLEXnet Licensing Service 64 - ok
08:37:09.0053 4052 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:37:09.0069 4052 flpydisk - ok
08:37:09.0084 4052 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:37:09.0100 4052 FltMgr - ok
08:37:09.0131 4052 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:37:09.0147 4052 FontCache - ok
08:37:09.0209 4052 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:37:09.0209 4052 FontCache3.0.0.0 - ok
08:37:09.0256 4052 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:37:09.0256 4052 FsDepends - ok
08:37:09.0287 4052 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:37:09.0287 4052 Fs_Rec - ok
08:37:09.0318 4052 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:37:09.0318 4052 fvevol - ok
08:37:09.0334 4052 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:37:09.0334 4052 gagp30kx - ok
08:37:09.0365 4052 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:37:09.0365 4052 GEARAspiWDM - ok
08:37:09.0443 4052 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:37:09.0443 4052 gpsvc - ok
08:37:09.0521 4052 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
08:37:09.0521 4052 GREGService - ok
08:37:09.0552 4052 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:37:09.0552 4052 hcw85cir - ok
08:37:09.0584 4052 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:37:09.0599 4052 HdAudAddService - ok
08:37:09.0615 4052 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:37:09.0615 4052 HDAudBus - ok
08:37:09.0630 4052 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:37:09.0630 4052 HidBatt - ok
08:37:09.0630 4052 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:37:09.0630 4052 HidBth - ok
08:37:09.0646 4052 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:37:09.0646 4052 HidIr - ok
08:37:09.0662 4052 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
08:37:09.0662 4052 hidserv - ok
08:37:09.0677 4052 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:37:09.0677 4052 HidUsb - ok
08:37:09.0708 4052 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:37:09.0708 4052 hkmsvc - ok
08:37:09.0724 4052 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:37:09.0740 4052 HomeGroupListener - ok
08:37:09.0755 4052 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:37:09.0755 4052 HomeGroupProvider - ok
08:37:09.0786 4052 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:37:09.0786 4052 HpSAMD - ok
08:37:09.0833 4052 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:37:09.0833 4052 HTTP - ok
08:37:09.0849 4052 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:37:09.0849 4052 hwpolicy - ok
08:37:09.0864 4052 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:37:09.0880 4052 i8042prt - ok
08:37:09.0911 4052 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
08:37:09.0911 4052 iaStor - ok
08:37:10.0067 4052 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
08:37:10.0067 4052 IAStorDataMgrSvc - ok
08:37:10.0114 4052 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:37:10.0114 4052 iaStorV - ok
08:37:10.0192 4052 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:37:10.0192 4052 idsvc - ok
08:37:10.0223 4052 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:37:10.0223 4052 iirsp - ok
08:37:10.0270 4052 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:37:10.0286 4052 IKEEXT - ok
08:37:10.0379 4052 IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys
08:37:10.0395 4052 IntcAzAudAddService - ok
08:37:10.0473 4052 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:37:10.0473 4052 intelide - ok
08:37:10.0488 4052 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:37:10.0488 4052 intelppm - ok
08:37:10.0504 4052 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:37:10.0504 4052 IPBusEnum - ok
08:37:10.0520 4052 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:37:10.0520 4052 IpFilterDriver - ok
08:37:10.0551 4052 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:37:10.0551 4052 iphlpsvc - ok
08:37:10.0566 4052 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:37:10.0566 4052 IPMIDRV - ok
08:37:10.0566 4052 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:37:10.0582 4052 IPNAT - ok
08:37:10.0707 4052 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
08:37:10.0707 4052 iPod Service - ok
08:37:10.0738 4052 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:37:10.0738 4052 IRENUM - ok
08:37:10.0769 4052 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:37:10.0769 4052 isapnp - ok
08:37:10.0785 4052 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:37:10.0785 4052 iScsiPrt - ok
08:37:10.0800 4052 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:37:10.0800 4052 kbdclass - ok
08:37:10.0832 4052 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:37:10.0832 4052 kbdhid - ok
08:37:10.0863 4052 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:37:10.0863 4052 KeyIso - ok
08:37:10.0863 4052 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:37:10.0863 4052 KSecDD - ok
08:37:10.0878 4052 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:37:10.0894 4052 KSecPkg - ok
08:37:10.0894 4052 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:37:10.0894 4052 ksthunk - ok
08:37:10.0925 4052 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:37:10.0925 4052 KtmRm - ok
08:37:10.0941 4052 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
08:37:10.0956 4052 LanmanServer - ok
08:37:10.0988 4052 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:37:10.0988 4052 LanmanWorkstation - ok
08:37:11.0050 4052 Live Updater Service (93b73ded2bc688f140c6ae2fbad45789) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
08:37:11.0050 4052 Live Updater Service - ok
08:37:11.0081 4052 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:37:11.0081 4052 lltdio - ok
08:37:11.0097 4052 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:37:11.0097 4052 lltdsvc - ok
08:37:11.0128 4052 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:37:11.0128 4052 lmhosts - ok
08:37:11.0736 4052 LMIGuardianSvc (d55a7d0553c7102f63872936c7a9d9db) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
08:37:11.0736 4052 LMIGuardianSvc - ok
08:37:11.0783 4052 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
08:37:11.0783 4052 LMIInfo - ok
08:37:11.0814 4052 LMIMaint (a7d256c8847df6e88bddb55f87e54f46) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
08:37:11.0830 4052 LMIMaint - ok
08:37:11.0846 4052 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
08:37:11.0846 4052 lmimirr - ok
08:37:11.0877 4052 LMIRfsClientNP - ok
08:37:11.0877 4052 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
08:37:11.0877 4052 LMIRfsDriver - ok
08:37:12.0002 4052 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:37:12.0033 4052 LMS - ok
08:37:12.0111 4052 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
08:37:12.0111 4052 LogMeIn - ok
08:37:12.0142 4052 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:37:12.0142 4052 LSI_FC - ok
08:37:12.0173 4052 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:37:12.0173 4052 LSI_SAS - ok
08:37:12.0173 4052 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:37:12.0173 4052 LSI_SAS2 - ok
08:37:12.0189 4052 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:37:12.0189 4052 LSI_SCSI - ok
08:37:12.0204 4052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:37:12.0220 4052 luafv - ok
08:37:12.0251 4052 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
08:37:12.0251 4052 MBAMProtector - ok
08:37:12.0314 4052 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:37:12.0329 4052 MBAMService - ok
08:37:12.0392 4052 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:37:12.0392 4052 Mcx2Svc - ok
08:37:12.0407 4052 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:37:12.0407 4052 megasas - ok
08:37:12.0438 4052 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:37:12.0438 4052 MegaSR - ok
08:37:12.0470 4052 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
08:37:12.0470 4052 MEIx64 - ok
08:37:12.0688 4052 mi-raysat_3dsmax2012_64 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
08:37:12.0688 4052 mi-raysat_3dsmax2012_64 - ok
08:37:12.0797 4052 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:37:12.0813 4052 MMCSS - ok
08:37:12.0828 4052 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:37:12.0828 4052 Modem - ok
08:37:12.0844 4052 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:37:12.0844 4052 monitor - ok
08:37:12.0875 4052 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:37:12.0875 4052 mouclass - ok
08:37:12.0891 4052 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:37:12.0891 4052 mouhid - ok
08:37:12.0906 4052 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:37:12.0906 4052 mountmgr - ok
08:37:12.0969 4052 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
08:37:12.0984 4052 MpFilter - ok
08:37:13.0000 4052 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:37:13.0000 4052 mpio - ok
08:37:13.0016 4052 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:37:13.0016 4052 mpsdrv - ok
08:37:13.0062 4052 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:37:13.0062 4052 MpsSvc - ok
08:37:13.0078 4052 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:37:13.0078 4052 MRxDAV - ok
08:37:13.0140 4052 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:37:13.0140 4052 mrxsmb - ok
08:37:13.0172 4052 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:37:13.0172 4052 mrxsmb10 - ok
08:37:13.0187 4052 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:37:13.0187 4052 mrxsmb20 - ok
08:37:13.0218 4052 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:37:13.0218 4052 msahci - ok
08:37:13.0218 4052 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:37:13.0218 4052 msdsm - ok
08:37:13.0250 4052 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:37:13.0250 4052 MSDTC - ok
08:37:13.0281 4052 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:37:13.0281 4052 Msfs - ok
08:37:13.0281 4052 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:37:13.0296 4052 mshidkmdf - ok
08:37:13.0296 4052 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:37:13.0296 4052 msisadrv - ok
08:37:13.0328 4052 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:37:13.0328 4052 MSiSCSI - ok
08:37:13.0328 4052 msiserver - ok
08:37:13.0359 4052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:37:13.0359 4052 MSKSSRV - ok
08:37:13.0468 4052 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
08:37:13.0468 4052 MsMpSvc - ok
08:37:13.0468 4052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:37:13.0468 4052 MSPCLOCK - ok
08:37:13.0468 4052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:37:13.0468 4052 MSPQM - ok
08:37:13.0484 4052 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:37:13.0499 4052 MsRPC - ok
08:37:13.0515 4052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:37:13.0515 4052 mssmbios - ok
08:37:13.0515 4052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:37:13.0515 4052 MSTEE - ok
08:37:13.0530 4052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:37:13.0530 4052 MTConfig - ok
08:37:13.0530 4052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:37:13.0530 4052 Mup - ok
08:37:13.0546 4052 mwlPSDFilter (9b1eac6faf6f37305e822f5588dc8056) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
08:37:13.0546 4052 mwlPSDFilter - ok
08:37:13.0562 4052 mwlPSDNServ (ad55c1524b296280ed9c6e0d730d35da) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
08:37:13.0562 4052 mwlPSDNServ - ok
08:37:13.0577 4052 mwlPSDVDisk (2b599e6ec8843637bdd62e7f8f3ba201) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
08:37:13.0577 4052 mwlPSDVDisk - ok
08:37:13.0624 4052 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:37:13.0640 4052 napagent - ok
08:37:13.0671 4052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:37:13.0671 4052 NativeWifiP - ok
08:37:13.0733 4052 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
08:37:13.0733 4052 NAUpdate - ok
08:37:13.0796 4052 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:37:13.0811 4052 NDIS - ok
08:37:13.0827 4052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:37:13.0827 4052 NdisCap - ok
08:37:13.0842 4052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:37:13.0842 4052 NdisTapi - ok
08:37:13.0874 4052 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:37:13.0874 4052 Ndisuio - ok
08:37:13.0889 4052 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:37:13.0889 4052 NdisWan - ok
08:37:13.0905 4052 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:37:13.0905 4052 NDProxy - ok
08:37:13.0905 4052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:37:13.0905 4052 NetBIOS - ok
08:37:13.0920 4052 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:37:13.0920 4052 NetBT - ok
08:37:13.0952 4052 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:37:13.0952 4052 Netlogon - ok
08:37:13.0983 4052 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:37:13.0983 4052 Netman - ok
08:37:14.0092 4052 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:37:14.0092 4052 NetMsmqActivator - ok
08:37:14.0092 4052 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:37:14.0092 4052 NetPipeActivator - ok
08:37:14.0154 4052 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:37:14.0154 4052 netprofm - ok
08:37:14.0248 4052 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
08:37:14.0264 4052 netr28x - ok
08:37:14.0498 4052 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:37:14.0498 4052 NetTcpActivator - ok
08:37:14.0498 4052 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:37:14.0513 4052 NetTcpPortSharing - ok
08:37:14.0560 4052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:37:14.0560 4052 nfrd960 - ok
08:37:14.0607 4052 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:37:14.0607 4052 NisDrv - ok
08:37:14.0700 4052 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
08:37:14.0700 4052 NisSrv - ok
08:37:14.0747 4052 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:37:14.0747 4052 NlaSvc - ok
08:37:14.0778 4052 nlsInterface (40777bd92d73a8ff3b252e4f4881e672) C:\Windows\system32\nlsInterface.exe
08:37:14.0778 4052 nlsInterface - ok
08:37:14.0872 4052 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
08:37:14.0872 4052 NMSAccess - ok
08:37:14.0903 4052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:37:14.0903 4052 Npfs - ok
08:37:14.0950 4052 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:37:14.0950 4052 nsi - ok
08:37:14.0950 4052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:37:14.0966 4052 nsiproxy - ok
08:37:15.0028 4052 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:37:15.0044 4052 Ntfs - ok
08:37:15.0153 4052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:37:15.0153 4052 Null - ok
08:37:15.0200 4052 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
08:37:15.0200 4052 NVHDA - ok
08:37:21.0206 4052 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:37:21.0268 4052 nvlddmkm - ok
08:37:21.0986 4052 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:37:21.0986 4052 nvraid - ok
08:37:22.0017 4052 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:37:22.0017 4052 nvstor - ok
08:37:22.0064 4052 NVSvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
08:37:22.0079 4052 NVSvc - ok
08:37:23.0842 4052 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
08:37:23.0889 4052 nvUpdatusService - ok
08:37:23.0998 4052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:37:23.0998 4052 nv_agp - ok
08:37:24.0014 4052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:37:24.0014 4052 ohci1394 - ok
08:37:24.0404 4052 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:37:24.0419 4052 ose - ok
08:37:27.0243 4052 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:37:27.0352 4052 osppsvc - ok
08:37:27.0976 4052 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:37:28.0007 4052 p2pimsvc - ok
08:37:28.0039 4052 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:37:28.0039 4052 p2psvc - ok
08:37:28.0101 4052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:37:28.0101 4052 Parport - ok
08:37:28.0117 4052 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:37:28.0117 4052 partmgr - ok
08:37:28.0132 4052 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:37:28.0148 4052 PcaSvc - ok
08:37:28.0148 4052 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:37:28.0148 4052 pci - ok
08:37:28.0163 4052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:37:28.0163 4052 pciide - ok
08:37:28.0226 4052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:37:28.0226 4052 pcmcia - ok
08:37:28.0241 4052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:37:28.0241 4052 pcw - ok
08:37:28.0257 4052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:37:28.0257 4052 PEAUTH - ok
08:37:28.0366 4052 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:37:28.0366 4052 PerfHost - ok
08:37:29.0053 4052 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:37:29.0068 4052 pla - ok
08:37:29.0115 4052 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:37:29.0115 4052 PlugPlay - ok
08:37:29.0131 4052 PnkBstrA - ok
08:37:29.0146 4052 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:37:29.0146 4052 PNRPAutoReg - ok
08:37:29.0177 4052 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:37:29.0177 4052 PNRPsvc - ok
08:37:29.0240 4052 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
08:37:29.0240 4052 Point64 - ok
08:37:29.0739 4052 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:37:29.0770 4052 PolicyAgent - ok
08:37:29.0817 4052 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:37:29.0817 4052 Power - ok
08:37:29.0848 4052 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:37:29.0848 4052 PptpMiniport - ok
08:37:29.0879 4052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:37:29.0879 4052 Processor - ok
08:37:29.0911 4052 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:37:29.0911 4052 ProfSvc - ok
08:37:29.0942 4052 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:37:29.0942 4052 ProtectedStorage - ok
08:37:29.0973 4052 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:37:29.0973 4052 Psched - ok
08:37:30.0020 4052 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:37:30.0020 4052 PxHlpa64 - ok
08:37:30.0098 4052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:37:30.0113 4052 ql2300 - ok
08:37:30.0176 4052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:37:30.0191 4052 ql40xx - ok
08:37:30.0223 4052 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:37:30.0223 4052 QWAVE - ok
08:37:30.0223 4052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:37:30.0238 4052 QWAVEdrv - ok
08:37:30.0254 4052 radpms (58435613c2537715a9423597ec6635cc) C:\Windows\system32\DRIVERS\radpms.sys
08:37:30.0254 4052 radpms - ok
08:37:30.0269 4052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:37:30.0269 4052 RasAcd - ok
08:37:30.0285 4052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:37:30.0285 4052 RasAgileVpn - ok
08:37:30.0316 4052 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:37:30.0316 4052 RasAuto - ok
08:37:30.0316 4052 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:37:30.0332 4052 Rasl2tp - ok
08:37:30.0347 4052 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:37:30.0347 4052 RasMan - ok
08:37:30.0363 4052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:37:30.0363 4052 RasPppoe - ok
08:37:30.0363 4052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:37:30.0363 4052 RasSstp - ok
08:37:30.0394 4052 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:37:30.0394 4052 rdbss - ok
08:37:30.0410 4052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
08:37:30.0410 4052 rdpbus - ok
08:37:30.0425 4052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:37:30.0425 4052 RDPCDD - ok
08:37:30.0425 4052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:37:30.0425 4052 RDPENCDD - ok
08:37:30.0441 4052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:37:30.0441 4052 RDPREFMP - ok
08:37:30.0613 4052 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:37:30.0628 4052 RDPWD - ok
08:37:30.0659 4052 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:37:30.0659 4052 rdyboost - ok
08:37:30.0675 4052 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:37:30.0675 4052 RemoteAccess - ok
08:37:30.0691 4052 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:37:30.0691 4052 RemoteRegistry - ok
08:37:30.0706 4052 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:37:30.0706 4052 RpcEptMapper - ok
08:37:30.0706 4052 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:37:30.0706 4052 RpcLocator - ok
08:37:30.0737 4052 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:37:30.0737 4052 RpcSs - ok
08:37:30.0753 4052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:37:30.0753 4052 rspndr - ok
08:37:30.0815 4052 RTL8167 (712944c0a377e9b8743f95bd83e882d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:37:30.0815 4052 RTL8167 - ok
08:37:30.0847 4052 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:37:30.0847 4052 SamSs - ok
08:37:30.0862 4052 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:37:30.0862 4052 sbp2port - ok
08:37:30.0878 4052 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:37:30.0893 4052 SCardSvr - ok
08:37:30.0893 4052 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:37:30.0893 4052 scfilter - ok
08:37:30.0925 4052 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:37:30.0956 4052 Schedule - ok
08:37:30.0987 4052 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:37:30.0987 4052 SCPolicySvc - ok
08:37:30.0987 4052 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:37:31.0003 4052 SDRSVC - ok
08:37:31.0034 4052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:37:31.0034 4052 secdrv - ok
08:37:31.0049 4052 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:37:31.0049 4052 seclogon - ok
08:37:31.0112 4052 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:37:31.0127 4052 SENS - ok
08:37:31.0127 4052 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:37:31.0143 4052 SensrSvc - ok
08:37:31.0143 4052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:37:31.0143 4052 Serenum - ok
08:37:31.0159 4052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:37:31.0159 4052 Serial - ok
08:37:31.0159 4052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:37:31.0159 4052 sermouse - ok
08:37:31.0174 4052 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:37:31.0174 4052 SessionEnv - ok
08:37:31.0174 4052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:37:31.0174 4052 sffdisk - ok
08:37:31.0174 4052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:37:31.0174 4052 sffp_mmc - ok
08:37:31.0190 4052 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:37:31.0190 4052 sffp_sd - ok
08:37:31.0190 4052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:37:31.0190 4052 sfloppy - ok
08:37:31.0221 4052 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:37:31.0221 4052 SharedAccess - ok
08:37:31.0252 4052 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:37:31.0252 4052 ShellHWDetection - ok
08:37:31.0252 4052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:37:31.0252 4052 SiSRaid2 - ok
08:37:31.0268 4052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:37:31.0268 4052 SiSRaid4 - ok
08:37:31.0346 4052 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
08:37:31.0346 4052 SkypeUpdate - ok
08:37:31.0361 4052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:37:31.0361 4052 Smb - ok
08:37:31.0393 4052 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:37:31.0393 4052 SNMPTRAP - ok
08:37:31.0408 4052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:37:31.0408 4052 spldr - ok
08:37:31.0424 4052 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:37:31.0439 4052 Spooler - ok
08:37:31.0751 4052 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:37:31.0829 4052 sppsvc - ok
08:37:32.0282 4052 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:37:32.0282 4052 sppuinotify - ok
08:37:32.0329 4052 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:37:32.0329 4052 srv - ok
08:37:32.0344 4052 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:37:32.0360 4052 srv2 - ok
08:37:32.0375 4052 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:37:32.0375 4052 srvnet - ok
08:37:32.0407 4052 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:37:32.0407 4052 SSDPSRV - ok
08:37:32.0407 4052 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:37:32.0422 4052 SstpSvc - ok
08:37:32.0500 4052 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:37:32.0500 4052 Stereo Service - ok
08:37:32.0531 4052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:37:32.0531 4052 stexstor - ok
08:37:32.0547 4052 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:37:32.0547 4052 stisvc - ok
08:37:32.0563 4052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:37:32.0563 4052 swenum - ok
08:37:32.0641 4052 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
08:37:32.0641 4052 SwitchBoard - ok
08:37:32.0672 4052 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:37:32.0672 4052 swprv - ok
08:37:32.0719 4052 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:37:32.0765 4052 SysMain - ok
08:37:32.0828 4052 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:37:32.0843 4052 TabletInputService - ok
08:37:32.0859 4052 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:37:32.0859 4052 TapiSrv - ok
08:37:32.0875 4052 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:37:32.0875 4052 TBS - ok
08:37:32.0984 4052 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:37:33.0015 4052 Tcpip - ok
08:37:33.0764 4052 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:37:33.0764 4052 TCPIP6 - ok
08:37:34.0481 4052 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:37:34.0513 4052 tcpipreg - ok
08:37:34.0544 4052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:37:34.0544 4052 TDPIPE - ok
08:37:34.0559 4052 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:37:34.0559 4052 TDTCP - ok
08:37:34.0575 4052 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:37:34.0575 4052 tdx - ok
08:37:34.0591 4052 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:37:34.0591 4052 TermDD - ok
08:37:34.0637 4052 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:37:34.0653 4052 TermService - ok
08:37:34.0653 4052 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:37:34.0669 4052 Themes - ok
08:37:34.0700 4052 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:37:34.0700 4052 THREADORDER - ok
08:37:34.0700 4052 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:37:34.0700 4052 TrkWks - ok
08:37:34.0747 4052 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:37:34.0747 4052 TrustedInstaller - ok
08:37:34.0762 4052 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:37:34.0762 4052 tssecsrv - ok
08:37:34.0793 4052 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:37:34.0793 4052 TsUsbFlt - ok
08:37:34.0809 4052 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:37:34.0809 4052 TsUsbGD - ok
08:37:34.0840 4052 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:37:34.0840 4052 tunnel - ok
08:37:34.0856 4052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:37:34.0856 4052 uagp35 - ok
08:37:34.0871 4052 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:37:34.0887 4052 udfs - ok
08:37:34.0903 4052 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:37:34.0903 4052 UI0Detect - ok
08:37:34.0903 4052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:37:34.0903 4052 uliagpkx - ok
08:37:34.0934 4052 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:37:34.0934 4052 umbus - ok
08:37:34.0934 4052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:37:34.0934 4052 UmPass - ok
08:37:35.0027 4052 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
08:37:35.0059 4052 UnlockerDriver5 - ok
08:37:35.0807 4052 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
08:37:35.0854 4052 UNS - ok
08:37:36.0307 4052 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:37:36.0338 4052 upnphost - ok
08:37:36.0416 4052 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:37:36.0416 4052 USBAAPL64 - ok
08:37:36.0447 4052 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:37:36.0447 4052 usbccgp - ok
08:37:36.0494 4052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:37:36.0494 4052 usbcir - ok
08:37:36.0509 4052 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
08:37:36.0509 4052 usbehci - ok
08:37:36.0541 4052 UsbFltr (68bad03835873d4bbbde95cbb135a395) C:\Windows\system32\Drivers\UsbFltr.sys
08:37:36.0541 4052 UsbFltr - ok
08:37:36.0587 4052 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:37:36.0587 4052 usbhub - ok
08:37:36.0759 4052 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:37:36.0775 4052 usbohci - ok
08:37:36.0806 4052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:37:36.0806 4052 usbprint - ok
08:37:36.0868 4052 USBS3S4Detection (b5e6c4f280ebf0b16f74a5b415f2e0df) C:\OEM\USBDECTION\USBS3S4Detection.exe
08:37:36.0868 4052 USBS3S4Detection - ok
08:37:36.0899 4052 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:37:36.0899 4052 USBSTOR - ok
08:37:36.0915 4052 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:37:36.0931 4052 usbuhci - ok
08:37:36.0946 4052 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:37:36.0946 4052 UxSms - ok
08:37:36.0977 4052 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:37:36.0977 4052 VaultSvc - ok
08:37:37.0024 4052 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
08:37:37.0024 4052 VClone - ok
08:37:37.0040 4052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:37:37.0040 4052 vdrvroot - ok
08:37:37.0071 4052 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:37:37.0071 4052 vds - ok
08:37:37.0071 4052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:37:37.0087 4052 vga - ok
08:37:37.0087 4052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:37:37.0087 4052 VgaSave - ok
08:37:37.0118 4052 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:37:37.0118 4052 vhdmp - ok
08:37:37.0118 4052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:37:37.0118 4052 viaide - ok
08:37:37.0149 4052 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:37:37.0149 4052 volmgr - ok
08:37:37.0165 4052 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:37:37.0180 4052 volmgrx - ok
08:37:37.0196 4052 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:37:37.0196 4052 volsnap - ok
08:37:37.0211 4052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:37:37.0211 4052 vsmraid - ok
08:37:37.0274 4052 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:37:37.0305 4052 VSS - ok
08:37:37.0383 4052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:37:37.0383 4052 vwifibus - ok
08:37:37.0399 4052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:37:37.0399 4052 vwififlt - ok
08:37:37.0430 4052 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:37:37.0430 4052 W32Time - ok
08:37:37.0430 4052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:37:37.0430 4052 WacomPen - ok
08:37:37.0445 4052 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:37:37.0445 4052 WANARP - ok
08:37:37.0445 4052 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:37:37.0445 4052 Wanarpv6 - ok
08:37:37.0555 4052 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:37:37.0570 4052 WatAdminSvc - ok
08:37:37.0617 4052 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:37:37.0648 4052 wbengine - ok
08:37:37.0726 4052 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:37:37.0726 4052 WbioSrvc - ok
08:37:37.0742 4052 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:37:37.0742 4052 wcncsvc - ok
08:37:37.0757 4052 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:37:37.0757 4052 WcsPlugInService - ok
08:37:37.0773 4052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:37:37.0773 4052 Wd - ok
08:37:37.0789 4052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:37:37.0804 4052 Wdf01000 - ok
08:37:37.0804 4052 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:37:37.0804 4052 WdiServiceHost - ok
08:37:37.0820 4052 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:37:37.0820 4052 WdiSystemHost - ok
08:37:37.0835 4052 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:37:37.0835 4052 WebClient - ok
08:37:37.0851 4052 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:37:37.0851 4052 Wecsvc - ok
08:37:37.0867 4052 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:37:37.0867 4052 wercplsupport - ok
08:37:37.0898 4052 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:37:37.0898 4052 WerSvc - ok
08:37:37.0945 4052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:37:37.0945 4052 WfpLwf - ok
08:37:37.0960 4052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:37:37.0960 4052 WIMMount - ok
08:37:37.0976 4052 WinDefend - ok
08:37:37.0991 4052 WinHttpAutoProxySvc - ok
08:37:38.0069 4052 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:37:38.0069 4052 Winmgmt - ok
08:37:38.0537 4052 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:37:38.0569 4052 WinRM - ok
08:37:39.0380 4052 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:37:39.0395 4052 WinUsb - ok
08:37:39.0536 4052 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:37:39.0551 4052 Wlansvc - ok
08:37:39.0739 4052 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:37:39.0754 4052 wlcrasvc - ok
08:37:41.0533 4052 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:37:41.0579 4052 wlidsvc - ok
08:37:41.0704 4052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:37:41.0704 4052 WmiAcpi - ok
08:37:41.0782 4052 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:37:41.0782 4052 wmiApSrv - ok
08:37:41.0813 4052 WMPNetworkSvc - ok
08:37:41.0845 4052 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:37:41.0845 4052 WPCSvc - ok
08:37:41.0860 4052 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:37:41.0860 4052 WPDBusEnum - ok
08:37:41.0876 4052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:37:41.0876 4052 ws2ifsl - ok
08:37:41.0891 4052 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
08:37:41.0891 4052 wscsvc - ok
08:37:41.0891 4052 WSearch - ok
08:37:41.0985 4052 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:37:42.0016 4052 wuauserv - ok
08:37:42.0656 4052 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:37:42.0671 4052 WudfPf - ok
08:37:42.0749 4052 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:37:42.0749 4052 WUDFRd - ok
08:37:42.0781 4052 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:37:42.0781 4052 wudfsvc - ok
08:37:42.0796 4052 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:37:42.0812 4052 WwanSvc - ok
08:37:43.0763 4052 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:37:43.0763 4052 YahooAUService - ok
08:37:43.0795 4052 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:37:46.0088 4052 \Device\Harddisk0\DR0 - ok
08:37:46.0088 4052 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR1
08:37:46.0088 4052 \Device\Harddisk1\DR1 - ok
08:37:46.0119 4052 Boot (0x1200) (cbb87340b330ce448232239751220c9b) \Device\Harddisk0\DR0\Partition0
08:37:46.0119 4052 \Device\Harddisk0\DR0\Partition0 - ok
08:37:46.0150 4052 Boot (0x1200) (7613cde92dca7d3b9068bbb22de8409d) \Device\Harddisk0\DR0\Partition1
08:37:46.0150 4052 \Device\Harddisk0\DR0\Partition1 - ok
08:37:46.0197 4052 Boot (0x1200) (10ba3e34baf4da95970881cfe33e3aa4) \Device\Harddisk0\DR0\Partition2
08:37:46.0213 4052 \Device\Harddisk0\DR0\Partition2 - ok
08:37:46.0213 4052 Boot (0x1200) (920cfff904d52d7ec57b2be05445e393) \Device\Harddisk1\DR1\Partition0
08:37:46.0213 4052 \Device\Harddisk1\DR1\Partition0 - ok
08:37:46.0213 4052 ============================================================
08:37:46.0213 4052 Scan finished
08:37:46.0213 4052 ============================================================
08:37:46.0213 3944 Detected object count: 0
08:37:46.0213 3944 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-29 08:39:37
-----------------------------
08:39:37.712 OS Version: Windows x64 6.1.7601 Service Pack 1
08:39:37.712 Number of processors: 4 586 0x2A07
08:39:37.712 ComputerName: STEVEBIRD-PC UserName: steve.bird
08:39:39.600 Initialize success
08:43:35.606 AVAST engine defs: 12062900
08:45:56.786 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:45:56.786 Disk 0 Vendor: ST310005 JC45 Size: 953869MB BusType: 8
08:45:56.801 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:45:56.801 Disk 1 Vendor: WDC_WD50 07.0 Size: 476940MB BusType: 8
08:45:56.801 Disk 0 MBR read successfully
08:45:56.801 Disk 0 MBR scan
08:45:56.801 Disk 0 Windows 7 default MBR code
08:45:56.817 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 19456 MB offset 2048
08:45:56.833 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 39847936
08:45:56.864 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466894 MB offset 40052736
08:45:56.895 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 467417 MB offset 996251648
08:45:56.957 Disk 0 scanning C:\Windows\system32\drivers
08:46:05.397 Service scanning
08:46:24.273 Modules scanning
08:46:24.273 Disk 0 trace - called modules:
08:46:24.304 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:46:24.304 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e5a060]
08:46:24.304 3 CLASSPNP.SYS[fffff88001b7243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f24050]
08:46:29.702 AVAST engine scan C:\Windows
08:46:31.652 AVAST engine scan C:\Windows\system32
08:49:24.001 AVAST engine scan C:\Windows\system32\drivers
08:49:33.486 AVAST engine scan C:\Users\steve.bird
08:57:00.250 File: C:\Users\steve.bird\Downloads\Electric.Rain.Swift.3D.PS.v1.0.134.Retail.Incl.Keymaker-CORE\keygen.exe **INFECTED** Win32:Malware-gen
08:59:11.105 AVAST engine scan C:\ProgramData
09:01:32.941 Scan finished successfully
09:17:43.247 Disk 0 MBR has been saved successfully to "C:\Users\steve.bird\Desktop\MBR.dat"
09:17:43.294 The log file has been saved successfully to "C:\Users\steve.bird\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   571bytes   0 downloads


#4 nasdaq

  • Malware Response Team

Posted 29 June 2012 - 09:04 AM

C:\Users\steve.bird\Downloads\Electric.Rain.Swift.3D.PS.v1.0.134.Retail.Incl.Keymaker-CORE\keygen.exe
**INFECTED** Win32:Malware-gen


Do you want to keep this file keygen.exe?
Or the Electric.Rain.Swift.3D.PS.v1.0.134.Retail.Incl.Keymaker-CORE?
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
==============


Please post the logs and let me know what problem persists.

#5 Dogspods

  • Topic Starter

Posted 30 June 2012 - 10:08 AM

Will remove the indicated keygens.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
steve.bird :: STEVEBIRD-PC [administrator]

Protection: Disabled

30/06/2012 15:05:43
mbam-log-2012-06-30 (15-05-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273675
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





ComboFix 12-06-28.03 - steve.bird 30/06/2012 15:37:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6126.4398 [GMT 1:00]
Running from: c:\users\steve.bird\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Messenger.lnk
c:\users\steve.bird\AppData\Local\Temp\{DCDBD241-8BA6-430D-A000-B40F29F572EC}\fpb.tmp
c:\users\STEVE~1.BIR\AppData\Local\Temp\{DCDBD241-8BA6-430D-A000-B40F29F572EC}\fpb.tmp
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Memman.vxd
c:\windows\SysWow64\skinboxer43.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 14:42 . 2012-06-30 14:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-30 00:55 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF22DA06-C21C-4A00-A645-8EC382DE3D2B}\mpengine.dll
2012-06-29 14:53 . 2012-06-29 14:53 -------- d-----w- c:\users\steve.bird\AppData\Local\Acer
2012-06-29 14:09 . 2012-06-29 14:14 -------- d-----w- c:\users\steve.bird\AppData\Local\Adobe
2012-06-29 07:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-26 09:42 . 2012-06-26 09:42 -------- d-----w- c:\programdata\Yahoo! Companion
2012-06-26 09:41 . 2012-06-26 09:42 -------- d-----w- c:\programdata\Yahoo!
2012-06-26 09:39 . 2012-06-26 09:42 -------- d-----w- c:\program files (x86)\Yahoo!
2012-06-25 07:45 . 2012-06-25 07:45 -------- d-----w- c:\users\steve.bird\AppData\Local\Google
2012-06-25 07:45 . 2012-06-27 07:24 -------- d-----w- c:\program files (x86)\Google
2012-06-23 07:37 . 2012-06-23 21:21 -------- d-----w- c:\program files (x86)\Panda Security
2012-06-22 08:19 . 2012-06-22 08:19 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-22 08:18 . 2012-06-22 08:18 -------- d-----w- c:\programdata\McAfee
2012-06-21 01:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 01:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 01:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 01:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 01:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 01:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 01:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 01:11 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 01:11 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files (x86)\Autodesk
2012-06-15 06:12 . 2012-06-15 06:12 -------- d-----w- c:\users\steve.bird\AppData\Local\backburner
2012-06-14 08:34 . 2012-06-22 13:29 -------- d-----w- c:\users\steve.bird\AppData\Roaming\vlc
2012-06-14 08:16 . 2012-06-14 08:17 -------- d-----w- c:\program files\iTunes
2012-06-14 08:16 . 2012-06-14 08:17 -------- d-----w- c:\program files (x86)\iTunes
2012-06-14 08:16 . 2012-06-14 08:16 -------- d-----w- c:\program files\iPod
2012-06-13 07:52 . 2012-02-10 13:40 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60B7D01E-9B7D-4BF4-8587-1B81D087856B}\gapaengine.dll
2012-06-13 07:43 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 10:23 . 2012-06-12 10:23 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-09 11:12 . 2012-06-09 11:12 -------- d-----w- c:\users\steve.bird\AppData\Roaming\Astute Graphics
2012-06-09 11:11 . 2012-06-09 11:11 -------- d-----w- c:\programdata\Astute Graphics
2012-06-09 11:11 . 2012-06-09 11:11 -------- d-----w- c:\program files (x86)\com.astg.dw1
2012-06-01 15:12 . 2012-06-22 15:59 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-01 15:11 . 2012-06-01 15:11 -------- d-----w- c:\users\steve.bird\AppData\Local\PunkBuster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 15:59 . 2012-04-27 16:18 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-22 08:19 . 2012-02-10 11:57 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-15 13:05 . 2012-04-27 16:18 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-13 07:40 . 2012-03-30 07:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 07:40 . 2012-02-09 12:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 08:27 . 2011-11-07 09:07 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 08:27 . 2011-11-07 09:07 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 08:27 . 2011-11-07 09:07 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-27 16:18 . 2012-04-27 16:18 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 14:56 . 2011-11-15 10:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\steve.bird\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\steve.bird\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\steve.bird\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Web Studio 5.0 Update Setup for All Users"="c:\programdata\{22A05767-4EAB-4AF6-A400-7E5B87BE48E3}\WebStudio5Install.exe" [2010-02-22 2916202]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Facebook Update"="c:\users\steve.bird\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-10 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-10-27 177448]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"WD Spindown Utility"="c:\program files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe" [2004-08-09 278528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\steve.bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\steve.bird\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Facebook Messenger.lnk - c:\users\steve.bird\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe [2012-6-20 209920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Skype.lnk - c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe [N/A]
Suitcase 11.0.lnk - c:\windows\Installer\{7451C9B5-3E10-4E59-AD37-AB7438D84288}\_01D57C9244869186542E24.exe [2011-11-2 9062]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-27 1431888]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2011-09-16 14944]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-03-16 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-03-16 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-03-16 62584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-22 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nlsInterface;Nalpeiron Licensing Service 64-bit;c:\windows\system32\nlsInterface.exe [2009-04-03 72192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-24 412264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-508858066-2990751580-3668894822-1000Core.job
- c:\users\steve.bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 09:17]
.
2012-06-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-508858066-2990751580-3668894822-1000UA.job
- c:\users\steve.bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 09:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\steve.bird\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\steve.bird\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\steve.bird\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\steve.bird\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Search Image on TinEye - file://c:\users\steve.bird\Documents\TinEye IE Plugin\TinEye.js
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Web Studio 5.0 Update Setup - c:\users\steve.bird\AppData\Local\{22A05767-4EAB-4AF6-A400-7E5B87BE48E3}\WebStudio5Install.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-508858066-2990751580-3668894822-1000_Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
@Allowed: (Read) (RestrictedCode)
@=hex:36,90,c3,bc,02,eb,cc,01
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
@=hex:42,0f,e4,b1,f5,e7,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASTSRV.EXE
c:\program files (x86)\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
c:\program files (x86)\Blaze Media Pro\NMSAccess32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
.
**************************************************************************
.
Completion time: 2012-06-30 15:54:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 14:54
.
Pre-Run: 290,997,166,080 bytes free
Post-Run: 290,618,744,832 bytes free
.
- - End Of File - - 3F11F4F45469566D6CF013592C7B8C20

#6 nasdaq


Posted 30 June 2012 - 12:58 PM

Looking better.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Any remaining issues?

#7 Dogspods


Posted 01 July 2012 - 06:21 AM

Running better, thanks.


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 33
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#8 nasdaq


Posted 01 July 2012 - 07:17 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 33


===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#9 nasdaq


Posted 08 July 2012 - 10:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



